Is it secure to use with ethereumjs-tx?
louisabraham opened this issue · 1 comments
Hello,
I would like to use this module with https://github.com/ethereumjs/ethereumjs-tx, so that I can sign directly transactions from my browser, and I don't know if it is really secure. Maybe it is not the right place to ask, so please tell me if it isn't.
I would like to store the keystore file on a server, load it in a webapp in my (regular, not mist) browser, unlock the account using keythereum, sign the transactions I want to make with ethereumjs-tx and finally send them to a remote node using the eth_sendrawtransaction of the RPC API.
Let's suppose for this paragraph that the browser environment is safe.
If the https connection is MITMed, and the keystore file is intercepted, is it a problem?
Is the browser environment really safe?
A better place to ask might be the ethereumjs-tx repo. Keythereum just generates and encrypts the keys (using the same ciphers etc that geth uses). It does not actually sign transactions or submit them to the network.